From 5286b50c19677aa56c127409cad2bd2bd2ba2f10 Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Mon, 22 Jun 2015 20:49:40 +0200 Subject: [PATCH] We already set the IP in add_connection, no need to do that in check_init again. Fix bug where "insecure link" message was shown despite localhost. --- src/modules/m_server.c | 2 +- src/s_bsd.c | 71 ++++++++++++++---------------------------- 2 files changed, 25 insertions(+), 48 deletions(-) diff --git a/src/modules/m_server.c b/src/modules/m_server.c index 45f7bc06f..2b7cbdd42 100644 --- a/src/modules/m_server.c +++ b/src/modules/m_server.c @@ -670,7 +670,7 @@ int m_server_synch(aClient *cptr, ConfigItem_link *aconf) * Yeah.. there are still other cases when non-SSL links are fine (eg: local IP * of the same machine), we won't bother with detecting that. -- Syzop */ - if (strcmp(cptr->sockhost, "localhost")) + if (!IsLocal(cptr)) { sendto_realops("\002WARNING:\002 This link is unencrypted (non-SSL). We highly recommend to use " "SSL server linking. See https://www.unrealircd.org/docs/Linking_servers"); diff --git a/src/s_bsd.c b/src/s_bsd.c index acd093d63..93122cea8 100644 --- a/src/s_bsd.c +++ b/src/s_bsd.c @@ -680,10 +680,9 @@ void write_pidfile(void) #endif } -/* - * Initialize the various name strings used to store hostnames. This is set - * from either the server's sockhost (if client fd is a tty or localhost) - * or from the ip# converted into a string. 0 = success, -1 = fail. +/* This used to initialize the various name strings used to store hostnames. + * But nowadays this takes place much earlier (in add_connection?). + * It's mainly used for "localhost" and WEBIRC magic only now... */ static int check_init(aClient *cptr, char *sockn, size_t size) { @@ -692,32 +691,8 @@ static int check_init(aClient *cptr, char *sockn, size_t size) RunHookReturnInt3(HOOKTYPE_CHECK_INIT, cptr, sockn, size, ==0); - /* If descriptor is a tty, special checking... */ -#if defined(DEBUGMODE) && !defined(_WIN32) - if (isatty(cptr->fd)) -#else - if (0) -#endif - { - strlcpy(sockn, me.sockhost, HOSTLEN); - bzero((char *)&sk, sizeof(struct SOCKADDR_IN)); - } - else if (getpeername(cptr->fd, (struct SOCKADDR *)&sk, &len) == -1) - { - /* On Linux 2.4 and FreeBSD the socket may just have been disconnected - * so it's not a serious error and can happen quite frequently -- Syzop - */ - if (ERRNO != P_ENOTCONN) - report_error("connect failure: %s %s", cptr); - return -1; - } - (void)strlcpy(sockn, (char *)Inet_si2p(&sk), size); - -#ifdef INET6 - if (IN6_IS_ADDR_LOOPBACK(&sk.SIN_ADDR) || !strcmp(sockn, "127.0.0.1")) -#else - if (inet_netof(sk.SIN_ADDR) == IN_LOOPBACKNET) -#endif + /* Some silly hack to convert 127.0.0.1 and such into 'localhost' */ + if (IsLocal(cptr)) { if (cptr->hostp) { @@ -726,7 +701,6 @@ static int check_init(aClient *cptr, char *sockn, size_t size) } strlcpy(sockn, "localhost", HOSTLEN); } - bcopy((char *)&sk.SIN_ADDR, (char *)&cptr->ip, sizeof(struct IN_ADDR)); cptr->port = (int)ntohs(sk.SIN_PORT); @@ -780,22 +754,6 @@ int check_client(aClient *cptr, char *username) Debug((DEBUG_DNS, "ch_cl: access ok: %s[%s]", cptr->name, sockname)); -#ifdef INET6 - if (IN6_IS_ADDR_LOOPBACK(&cptr->ip) || - (cptr->ip.s6_addr[0] == mysk.sin6_addr.s6_addr[0] && - cptr->ip.s6_addr[1] == mysk.sin6_addr.s6_addr[1]) -/* || - IN6_ARE_ADDR_SAMEPREFIX(&cptr->ip, &mysk.SIN_ADDR)) - about the same, I think NOT */ - ) -#else - if (inet_netof(cptr->ip) == IN_LOOPBACKNET || - inet_netof(cptr->ip) == inet_netof(mysk.SIN_ADDR)) -#endif - { - ircstp->is_loc++; - cptr->flags |= FLAGS_LOCAL; - } return 0; } @@ -1190,6 +1148,25 @@ add_con_refuse: */ get_sockhost(acptr, Inet_si2p(&addr)); bcopy((char *)&addr.SIN_ADDR, (char *)&acptr->ip, sizeof(struct IN_ADDR)); + + /* Tag loopback connections as FLAGS_LOCAL */ +#ifdef INET6 + if (IN6_IS_ADDR_LOOPBACK(&acptr->ip) || + (acptr->ip.s6_addr[0] == mysk.sin6_addr.s6_addr[0] && + acptr->ip.s6_addr[1] == mysk.sin6_addr.s6_addr[1]) + /* || + IN6_ARE_ADDR_SAMEPREFIX(&acptr->ip, &mysk.SIN_ADDR)) + about the same, I think NOT */ + ) +#else + if (inet_netof(acptr->ip) == IN_LOOPBACKNET || + inet_netof(acptr->ip) == inet_netof(mysk.SIN_ADDR)) +#endif + { + ircstp->is_loc++; + acptr->flags |= FLAGS_LOCAL; + } + j = 1; list_for_each_entry(acptr2, &unknown_list, lclient_node)